The New Organizational Network: Analytics Takes Center Stage · • Device vendor • Client capabilities (a/b/g/n/ac) • Client connection type ... difficult-to-find relationships

A Farpoint Group White Paper

Document FPG 2016-309.1 March 2016

The New Organizational Network: Analytics Takes Center Stage

Farpoint Group White Paper – March 2016


1

Overview Contemporary networks are the circulatory system of every organization, everywhere – a mission-critical resource that drives the productivity of end-users. But with networks today required to support rapidly-growing end-user and mobile-device bases and every application from traditional client-server to Cloud-centric services, streaming video, telephony, the Internet of Things, and more, understanding how network traffic and behavior affect overall performance and reliability, and what to do in the event of trouble, can be very difficult indeed. And, most importantly, today’s secure, cost-effective network operations depend upon a level of understanding and insight that is unavailable in traditional management consoles. This state of affairs is underpinning the rapid adoption of analytics, a powerful set of tools and techniques that have been hard at work in many sophisticated computational fields for decades. The application of analytics to networking promises improved reliability, availability, security, performance, as well as lower operating costs. Moreover, emerging multi-organization analytics can provide cross-organizational evaluation of the benefits and/or impacts of even proposed changes – again, with potentially dramatic operational cost savings. This Farpoint Group White Paper examines how organizational networks are being re-defined by analytics capabilities, and why the power of analytics is now essential to networking going forward.



2

hile networks today are often taken for granted by end-users, IT professionals know that there is no more mission-critical resource in their arsenal than the organization’s network. Today’s networks are truly the circulatory system of

the organization, and any failure or shortcoming in availability, reliability, security, or capacity represents a major threat to any organization’s ability to fulfill its responsibilities to staff, investors, and especially customers. The network, to cut to the chase, simply has to work. While today often lumped into the rather unglamorous category of plumbing, consider what life is like when that resource fails! But given the essential complexity that usually accompanies today’s networks, there are simply too many potential challenges for network planners and operations staffs to ever consider completely. Yes, we design for reliability and performance, but so much can still go wrong. And given the size and scope of today’s networks, limitations on the skills and availability operations staffs, and the new normal of constrained budgets, addressing problems as rapidly as possible today requires innovative thinking – and, especially, innovative solutions. After all, the only reason for the network to exist in the first place is to boost the productivity of end-users. Any compromise to network performance, security, reliability, or operations can easily result in both direct and consequential costs that can quickly scale to the level of essentially unmanageable damage. The requirement for augmented network operations and management solutions – today beyond that available from any single system vendor – is, then, obvious. Digging a bit deeper here, let’s consider just a couple of examples that illustrate how difficult it can indeed be to respond to common problems quickly, efficiently, and cost-effectively:

• Today’s networks involve both wired and wireless elements, often with separate and distinct management consoles. One of the most common conditions we’ve seen over the years is how conflicting settings within these two domains often end up beating against one another, all the while with no indication on either console.

• Mobile user bases – now the normal in essentially every organization – can create

spikes in demand that vary, almost instantaneously, with location. Apart from the potential wired/wireless conflicts noted above, such a situation can create stresses on infrastructure from access points (APs) to backhaul and external interconnections that can often be difficult to recognize and diagnose, let alone correct. Add in highly-variable traffic demands driven by diverse application requirements and broadly-varying time- and location-based behaviors, and understanding what’s really going on in the network can be complex indeed.

• Security (including here, we might add, integrity) remains the Number One

concern for many network managers, as should be the case. But with wireless security, wired security, and local policies (including identity management and BYOD), the security landscape can be so complex that understanding why a given authorized user cannot connect can easily consume vast amounts of otherwise productive support-staff time.

W



3

• Even software and firmware upgrades, on both clients and within infrastructure,

can result in problems ranging from the immediately obvious to insidiously and subtly building over time, with the eventual result often a crisis.

In fact, when we consider all of the issues that have the potential to degrade network operations, and the fact that it’s often the case that no single vendor management console has the visibility or the intelligence to recognize such problems (especially in mixed-vendor environments, again covering both wired and wireless infrastructure and clients), and thus with only very-limited ability to offer appropriate remediation, it’s clear that a new class of operational solution is required. Considering all of the above, it’s advantageous to think of contemporary networking as a Big Data problem. While the term “Big Data” is in common use today, definitions vary. For our purposes here, however, we will define Big Data as a collection of one or more large (gigabytes, and usually constantly growing) multi-dimensional, multivariate, and often unstructured data sets, where the relationships between data elements can be difficult to find, correlate, and understand. And it’s easy to see how the potentially vast amount of network operational data fits into this category (see Figure 1), as such can span wired, wireless, multiple networks, multiple vendors, and – as we will explore below – even across multiple otherwise-distinct organizations.

WLAN •  AP uptime, reboots, model, IP, O/S •  Radio Frequency status •  Channel utilization •  Signal to noise ratio (SNR) •  Noise floor •  Radio resets •  SSID and BSSID •  Controller CPU / memory utilization •  Associated clients to given AP •  Client performance

Client device / user •  Device type •  Operating System & version •  Device vendor •  Client capabilities (a/b/g/n/ac) •  Client connection type •  Timestamp on network •  Username or login •  User agent •  User role type

Network stats •  MAC to IP binding •  User table info •  Defined roles and/or VLANs

DNS •  Response/query type •  Response time •  Number of queries •  Number of Answers •  Time to Live (TTL)

DHCP •  Issued IP address •  Lease time •  Status code

RADIUS •  Username or login •  Session duration •  Response time

UDP •  Jitter •  Session duration •  Src/dest IP&port •  Sr/Dest Port

SIP •  MOS score •  Codec •  Call duration

RTCP •  Jitter •  Delay •  Packet Loss •  Src/Dest IP

HTTP •  URL •  Page Load time •  User Agent String •  Round Trip Time •  Status/Error Codes

TCP State Machine •  Round trip time •  Retransmission error rate •  Timeouts, window size •  SYN/ACK relationships •  Sequence number timings •  Src/Dest IP & port

SSL •  Domain & org name •  List of name servers

Figure 1 – The range of data that may be considered by a network analytics solution can indeed be enormous – as this example shows. Source: Nyansa.



4

Big Data, by the way, isn’t a new concept – it’s been a presence in many computational domains for decades. And, of particular importance here, the pervasiveness of Big Data problems has given rise to an equally-important set of techniques for extracting value, meaning, actionable information, and, particularly, insight from this data. This is the domain of analytics, and the (today revolutionary) application of analytics to networking will, we believe, become commonplace in IT shops within just the next few years. Network Analytics Arrives As we noted above, Big Data and analytics have been hard at work in many applications for a very long time. These have been primarily scientific in nature, including multi-element remote sensing in earth resources, environmental, and military applications; chemical and molecular modeling, including drug design, genomic research, and bioinformatics; mechanical and structural design and analysis, including mechanical engineering, materials science, and aerospace design; and even in business and economics, including econometric modeling and high-speed stock trading. Analytics, in fact, has often been defined in terms of its exploratory value when applied in these - and, again, many more - fields, and analytics might best be described as the set of techniques applied when one doesn’t know what one is looking for. In other words, given the size, constant growth and change, lack of structure, and multivariate/multi-dimensional nature of Big Data problems, being able to explore across seemingly unrelated elements can indeed be the key to solving the problem at hand rapidly, efficiency, and cost-effectively. Note, however, that analytics is clearly distinct from the more common analysis tools and techniques applied to simpler problems. Almost everyone, for example, has used a spreadsheet application and its integrated business graphics to explore non-Big-Data problems. A spreadsheet alone, however, would be completely inadequate for dealing with Big Data challenges. For this reason, analytics tools are almost always custom-designed to address problems within a given application domain. Analytics tools usually include a sophisticated graphics component to facilitate an understanding of the underlying meaning and value of the Big Data under consideration by human users. This set of capabilities was originally known as scientific visualization, reflecting the technical origins of Big Data. But the ability to translate complex and difficult-to-find relationships within such data into graphical images that can be readily understood is critical to the success of analytics no matter what the domain. Think of this capability as “look at” replacing “think about”. The goals of analytics, then, are insight and an actionable understanding of reality in a minimal amount of time – the ultimate in a complementary relationship between user and tool. Today’s networks clearly fit the Big-Data model, often involving vast amounts of disparate operational data. This includes configuration and policy databases, authentication databases, system logs, instantaneous and historical traffic flows, client behavioral data, and often much more. There’s no surprise here – networks today are comprised of physical elements that are really just computers, after all, and the trend



5

towards increasing network-operations value via software and databases is both clear and accelerating. In other words, we can think of networks today as a set of specialized computers and the databases off of which they operate. This reinforces why analytics is a key direction for networking, again with the specific requirements imposed on analytics solutions highly-specialized in this case. We’ll return to these requirements below. Networks thus have evolved well past the “plumbing” metaphor we applied above. Moving data around of course remains the primary objective of any network, but as we require networks to play an ever-greater role in security, traffic-flow optimization, and policy enforcement, only analytics can provide the information required to assure proper functionality while maximizing end-user satisfaction, and simultaneously minimizing operating expense and thus total cost of ownership. Understanding Network Analytics Solutions It can also be argued today that networks are, in fact, conceptually easy to understand. The key physical elements are Wi-Fi access points (APs), Ethernet switches providing power over Ethernet (PoE), routers (which are essentially Layer-3 switches today), management appliances, servers, (increasingly) Cloud services, and a few specialized appliances required for performance and security monitoring and assurance. But even as the number and type of these devices is limited, the scope, scale, and especially the diversity of applications that depend upon the network are the sources of the Big Data we discussed above. We can thus argue, then, that there is an essential and inherent complexity in networking that will remain an element in network and thus IT operations for the foreseeable future – easy in concept, but complex in operation. This state of affairs has led to the rise of a sub-industry within networking producing a wide array of products and services designed to understand, extract meaning from, and aid in the establishment and maintenance of network performance and security. These fall under the general heading of “performance management” solutions, and, as is typical of IT products and services, these have evolved from point solutions that were originally developed to deal with a single problem or issue. Consequently, the marketplace is dotted with firms offering a wide array of products of (typically) limited visibility and scope, and thus limited utility. For example:

• IP Address Management (IPAM) tools, merging SDCP and DNS capabilities

• Network Performance Management (NPM) solutions

• Application Performance Management (SPM) tools and services

• Network Capacity Management (NCP) capabilities



6

• Wi-Fi Assurance solutions, providing over-the-air monitoring. These often rely on networks of sensors that resemble receive-only APs to monitor performance, security, and integrity. While useful, these ignore the wired elements of the network, where a problem that initial appears to be wireless might actually reside

• Unified management solutions, sometimes with cross-vendor support. While

useful and even desirable, many of these are incomplete with respect to their ability to explore particular vendor-specific capabilities and, more globally, traffic flows.

And, thus, selecting the right solution for performance and cost optimization can be a daunting task indeed. We can sum up this state of affairs as follows:

• While many products in the above categories (and beyond, we might add) can indeed yield value, the origin of these categories and products as point solutions has consequently resulted in the siloing of implementations. By their very nature, Big-Data problems and their corresponding analytics solutions cross these artificial boundaries, involving a far larger context that is addressable via siloed solutions, and thus demand the power of analytics in order to obtain optimal (in terms of cost, time-to-solution, etc.) results.

• Ultimately, then, attempting to get the big picture that analytics truly realizes via

the siloed approach results in added cost and complexity with a scope of visibility limited by a particular product or service (or an often-awkward combination of these), and with no guarantee of results or accuracy in solutions. The bottom line: silos do not work in network management and operations, period.

What is required, then, are analytics solutions that cross if not obliterate these silos. Limitations in scope and visibility - looking at only part of the data potentially available, as we noted above - may send operations staffs in entirely the wrong direction when problems occur, with the consequential downsides of incorrect conclusions, wasted time, higher costs, and lost productivity. It’s thus vital to consider the entire network value chain, starting with the client and proceeding all the way to the point where the organizational network meets the outside world. Network Analytics: Key Requirements Given all of the above, we can assemble a checklist of what to look for in network analytics solutions that optimize cost, productivity (again, for both operations staffs and end users alike), time-to-solution, and accuracy, as follows:

• Unification of information – Just as unified management merges wired and wireless network visibility and control, effective network analytics solutions must do likewise. Attempting to diagnose and correct (and, as we’ll discuss below, avoid) network issues without a global view of all network elements is at best



7

suboptimal, and will become increasingly less-than-productive as networks become more software-based. Search, what-if, and graphical tools are also essential here.

• Cross-stack – Effective analytics solutions will gather data on app/application

behavior and performance, protocols, traffic flows, wireless (RF behavior and performance, location, etc.), wired infrastructure, client devices, and users, as possible, required, and prudent under local policies (see Figure 2). Big Data, after all, is about finding meaning, value, and solutions across such disparate domains of information, and the more information, the better – assuming appropriate analytics, of course.

• Multi-vendor – Analytics solutions must be agnostic with respect to specific

network elements from multiple system vendors. Interoperability is clearly established as a fundamental requirement for networking success, and successful analytics solutions will carefully address this reality.

• Client-agnostic – Similarly, essentially any and every client device that connects

to the network must be supported. This should be simple, but too often we’ve seen performance management solutions that require modifications to settings or even software or drivers installed on a given client. Such will not be viable going forward, as the level of management effort involved here will simply be uneconomical.

Figure 2 – Gathering data in a non-disruptive, low-impact manner is essential. This solution uses a virtual-machine-based “crawler” to source data for forwarding to a Cloud-based, multi-organizational service. Source: Nyansa.



8

Along these same lines, it’s vital that any analytics solution have as a goal the optimization of visibility into client behavior, traffic requirements, and potential issues affecting security, reliability, and support costs. Again, we must ultimately evaluate networks in terms of their ability to maximize productivity and quality of experience (QoE) for end-users, and understanding what client devices are really doing is a key element towards this end.

• Secure – Any database must of course be secure, allowing access only to

authorized users and assuring that data cannot be added or modified except, again, by authorized users. Any analytics solution thus must be carefully audited to validate sources of data, the integrity of that data, and assure that system operations are in no way compromised by its application in any given case. And, of course, analytics solutions should concern themselves only with patterns or behavior and never with actual user data – in other words: headers only, no payloads.

• Cloud-based – Farpoint Group believes that Cloud-based services are the future

of much of IT, and networking is no exception. Implementing network services in the Cloud, including analytics, has numerous benefits in terms of scalability, reliability and resilience, cost, and access from anywhere (see Figure 3). And such fits very much in line with the rapidly-evolving trend towards network functions virtualization (NFV), in which elements of network infrastructure can and will be implemented as Cloud-based services for both carriers and organizations. Analytics as a Service (AaaS)? Absolutely! And such would even be our first choice as an implementation strategy.

Figure 3 – Cloud-based network analytics solutions, offered as a service, feature inherent scalability, improved reliability, and more expeditious support of multiple organizations. Source: Nyansa.



9

• Universal and cross-organizational – An additional benefit of the Cloud-based analytics strategy is the ability to offer cross-organizational analytics. A problem and its corresponding solution noted within one organization might easily provide guidance to another otherwise unrelated firm. This is one of the most exciting possibilities in network analytics today – organizations might, for example, be able put proactive solutions in place long before system vendors have even identified a given issue. And a recommended firmware upgrade might in fact result in performance degradation, based on experiences analyzed in other organizations.

• Predictive – IT shops everywhere will increasingly depend upon the ability of

analytics to identify problems before they become evident and result in damage. Predictive analytics, we believe, will become a central capability that no networking shop will want to be without.

• Easy to use – And, of course, making the fundamental complexity of analytics

easy for operations staffs is critical to the long-term success of this innovation. Successful analytics products and services will optimize user interfaces and reporting so that operations professionals can become productive with minimal effort (see Figure 4).

We believe that network analytics will rapidly become so valuable that they will literally pay for themselves within a very brief period of time following installation. The concept is indeed that powerful.

Figure 4 – Simple and intuitive console operations are essential with any analytics tool. Source: Nyansa.



10

Conclusions and Recommendations As we have explored in this Farpoint Group White Paper, analytics are rapidly becoming an essential component of network operations. And there really is no alternative here – analytics will quickly become a core requirement in an era where organizations cannot possibly operate without their network, and demand is driven by mobility and the need for ever-greater end-user productivity. The integration and application of network analytics is clearly a major step forward in optimizing for this objective. Additional key elements in determining the value of any investment in new networking technologies, especially for paradigm shifts like the integration of analytics as a core network capability, are improvements in operations-staff productivity and in network reliability and performance, with capacity (not just throughput alone) and the ability to support highly-variable - in terms of both location-based and temporal demand - time-bounded traffic with minimal latency. And the only way to realize these goals will be through network-wide, cross-stack visibility – precisely what network analytics offers. Looking ahead, it’s easy to see how software-defined networking (SDN) will eventually use and even depend upon analytics in a feedback-loop configuration to provide automated fine-tuning and to assure policy compliance. And the benefits of Cloud-based implementations, critical to future SDN and NFV initiatives, are of immediate value even in initial deployments of network analytics.

Putting Network Analytics to Work One firm that’s already offering a sophisticated network analytics service is Nyansa (www.nyansa.com). We’d met a few of the folks at Nyansa during their previous tenures with such industry leaders as Aruba Networks, Meraki, and Ruckus Wireless, and, given that we’re obviously quite excited about the revolutionary potential for network analytics, we jumped at the chance to speak with them recently. And we were also pleased to have the chance to speak with John Turner, Director at reseller Adaptive Communications, who’s had real-world, hands-on experience with the Nyansa solution. John has an extensive background in designing, installing, and troubleshooting wireless LANs, so his perspective on the potential of analytics is enlightening, to say the least. “There’s not much value in looking through logs, trying to understand the meaning that might be buried in a large number of seemingly-unrelated events,” John told us. “There’s just too much data. The kinds of problems we see today are almost always complex and time-critical. Analytics gives us the ability to look across all of the data involved, quickly and accurately determining what’s really going on.” John is also very enthusiastic about the potential of Cloud-based, cross-organizational predictive analytics. “Comparative analytics helps us to see how a change made at one site might affect another. We can often determine the value of a proposed change or upgrade well in advance of actually doing the work, saving everyone time and effort, and making sure we deliver the best value to all involved.”



11

Our recommendation, then, is any easy one: network analytics is already revolutionizing network operations, and every networking shop of any size should begin an evaluation of this capability as soon as possible.

Ashland MA USA 508-881-6467

www.farpointgroup.com [email protected]

The information and analysis contained in this document are based upon actual testing and publicly-available information sources believed to be correct as of the date of publication. Farpoint Group assumes no liability for any inaccuracies that may be present herein. Revisions to this document may be issued, without notice, from time to time.

Copyright 2016 – All rights reserved Permission to reproduce and distribute this document is granted provided this copyright notice is included and that no modifications are made to the original.

Documents

The New Organizational Network: Analytics Takes Center Stage · • Device vendor • Client capabilities (a/b/g/n/ac) • Client connection type ... difficult-to-find relationships